• Home
  • Apps
  • Apps News
  • Instagram 'Download Your Data' Tool Security Flaw Exposed Some Users' Passwords

Instagram 'Download Your Data' Tool Security Flaw Exposed Some Users' Passwords

Instagram 'Download Your Data' Tool Security Flaw Exposed Some Users' Passwords

Instagram launched the data download tool in April this year

  • Instagram has reported of a new bug in the data download tool
  • The tool mistakenly shared the user's password via a link
  • The bug has been fixed by Instagram

Instagram has reported to a few of its users that their password information may have been compromised due to a bug in the new 'Download Your Data' tool. Instagram has confirmed that the URL shared while using the tool included the user's password information as well, something that should not be the case. If this tool was used on a shared computer, this password information in the URL could potentially lead to misuse. The company notes that it has already fixed the bug, but recommends users to change their passwords nevertheless.

The 'download your data' feature was launched in April and it lets users export their photos, videos, archived Stories, profile, info, comments, and non-ephemeral messages. This tool gathers all your data, makes it ready for download, and then sends the user a link via email, clicking which will enable users to download all their Instagram data. Due to the security bug, the link also included the users' account password information erroneously, compromising the user's privacy. The Information reports that an Instagram spokesperson had confirmed that the issue was "discovered internally and affected a very small number of people."

While the link was shared to the user privately via email, if this link was accessed via a public or shared computer, it could risk the users' account credentials being compromised. Instagram says that it has already fixed the issue at hand. "If someone submitted their login information to use the Instagram 'Download Your Data' tool, they were able to see their password information in the URL of the page. This information was not exposed to anyone else, and we have made changes so this no longer happens," and Instagram spokesperson told The Verge.

Even though the issue is fixed, a security researcher cited by The Information brings to light a larger issue with the bug, saying it would only have been possible if Instagram stored users' passwords in plain text format. The Instagram spokesperson disputed this claim saying that the company hashes and salts its stored passwords. While Instagram says that the issue has affected a very small number of people, we recommend that you change your password immediately, and use the data download tool with caution.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Instagram
Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Amazon, Apple Deal Win-Win Game for Both: Counterpoint
Xiaomi India Claims Its New Business Will 'Forever Change Rural Retail'

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com